FORM problems and security questions

PHP
1

Hi guys, would appreciate your input on a few things :slight_smile:

I’m a real beginner in PHP programming but am obliged design a form for the organisation I work for that has to be both simple and secure.

First off - can anyone tell me why this doesn’t work ? it generates a random string but it is in capital letters…however when i type an exact match into the box it always comes up as a failure…

It isn’t my code but one I’ve pinched from the internet and amended a little.

Here is the image.php file:

<?php
session_start();

$img = imagecreatetruecolor(300, 100);

$white = imagecolorallocate($img, 255, 255, 255);
$black = imagecolorallocate($img, 0, 0, 0);
$grey = imagecolorallocate($img,150,150,150);
$red = imagecolorallocate($img, 255, 0, 0);
$pink = imagecolorallocate($img, 200, 0, 150);

function randomString($length){
$chars = “abcdefghijkmnopqrstuvwxyz023456789”;
srand((double)microtime()*1000000);
$str = “”;
$i = 0;

    while($i &lt;= $length){
        $num = rand() % 33;
        $tmp = substr($chars, $num, 1);
        $str = $str . $tmp;
        $i++;
    }
return $str;

}

for($i=1;$i<=rand(1,5);$i++){
$color = (rand(1,2) == 1) ? $pink : $red;
imageline($img,rand(5,70),rand(5,20), rand(5,70)+5,rand(5,20)+5, $color);
}

imagefill($img, 20, 20, $white);

$string = randomString(rand(7,10));
$_SESSION[‘string’] = $string;

imagettftext($img, 20, 0, 100, 100, $black, “Twelve Ton Goldfish.ttf”, $string);

header(“Content-type: image/png”);
imagepng($img);
imagedestroy($img);

?>

and here is the image.php file :
<?php
ob_start();
session_start();

if(!$_POST[‘submit’]){
echo "<form method=\“post\” action=\“captcha.php\”>
";
echo "<table border=\“0\” cellspacing=\“3\” cellpadding=\“3\”>
";
echo "<tr><td>Type The Letters You See Below Into the Box</td></tr>
";
echo "<tr><td align=\“center\”><img src=\“image.php\”></td></tr>
";
echo "<tr><td align=\“right\”><input type=\“text\” name=\“image\”></td></tr>
";
echo "<tr><td align=\“right\”><input type=\“submit\” name=\“submit\” value=\“Check CAPTCHA\”></td></tr>
";
echo "</table></form>
";
}else {
$image = $_POST[‘image’];

if($image == $_SESSION['string']){
    echo "&lt;b&gt;Great success!&lt;/b&gt;\

";
}else {
echo "<em>Failure!</em>
";
}
}

ob_end_flush();
?>

that’s my first questions ! have got others coming up:eyes:
big thanks!

JUST CHECKED IT AGAIN AND IT WORKS

  • WHY is it in capitals tho?
2

feel really daft :x I’ve now worked out that it was the font was causing the problem and so have replaced it with another.

If you help me re-position the generated lines I would appreciate it - plus any other comments ?

thanks guys!

3

What do you mean by re-position the lines?

4

so they cover the letters.
+
when i want to generate the random letters again the page has to be refreshed F5
what php can do that ?

5

ANYONE ?!